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DETAILED ACTION 



1. Applicant's response filed on August 25, 2009 has been fully considered. 
Claims 1-24 are pending. 



Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 

3. Claims 1, 7, 10-12, 18, 24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Authurs et al. (U.S. Patent No. 4,896,934), hereinafter "Authurs", in 
view of Sawey (U.S. Patent No. 7,151 ,777 B2). 

Referring to claim 1 : 

i. Authurs teaches: 

A method of providing physical port security in a digital 
communication system, comprising: 

receiving a frame of digital data at a network device (see figure 3 
'packet format', of Authurs); 

a destination port bit map based on the destination address 
information contained in said frame of digital data (see figure 3, element 'destination bit- 
map field'; and column 5, lines 50-54, of Authurs); 
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comparing said destination port bit map with a physical port security 
bit map to generate a bit map of allowed destination ports, wherein said physical port 
security bit map is generated, after said receiving, based on information in said received 
frame of digital data (see column 5, lines 58-65; column 6, lines 4-9; and column 7, lines 
1-3, of Authurs); and 

forwarding said frame of digital data to one or more of said allowed 
destination ports (see figure 1, elements 14-1..14-n 'output ports', of Authurs). 

Authurs discloses generating the physical port security bit map. 
Authurs further discloses the destination port bit map. However, Authurs does not 
specifically mention generating the destination port bit map. 

ii. Sawey teaches a crosspoint switch having multicast functionality, 
wherein Sawey discloses generating the destination port bit map based on the 
destination address contained in the frame of the digital data (see figure 4, elements 
100 'receive multicast packet', 102 'generate port map mapping multicast address to 
destination output ports'; and column 7, lines 41-45, of Sawey). 

iii. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to combine the teaching of Sawey into the method of 
Authurs to generate a destination port bit map. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Sawey into the system of Authurs to generate a destination port 
bit map, because Authurs teaches "The present invention relates to an optical switch for 
use in a fiber optic telecommunications network, and more particularly, to an optical 
switch with multicast capability ." (see column 1 , lines 5-8, of Authurs, emphasis added). 
Sawey teaches "The present invention relates generally to packet switching and, more 
particularly, to a crosspoint switch having multicast functionality ." (see column 1 , lines 6- 
8, of Sawey, emphasis added). Therefore, Sawey's teaching could enhance Authurs's 
system. 

Referring to claims 7, 18: 
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Authurs and Sawey teach the claimed subject matter: a method of 
providing physical port security in a digital communication system (see claim 1 above). 
Authurs further discloses the router (see column 2, lines 31-33, of Authurs). 
Referring to claim 10 : 

Authurs and Sawey teach the claimed subject matter: a method of 
providing physical port security in a digital communication system (see claim 1 above). 
They further discloses the process (see column 1 , line 51 , of Sawey). 
Referring to claim 1 1 : 

Authurs and Sawey teach the claimed subject matter: a method of 
providing physical port security in a digital communication system (see claim 1 above). 
Authurs further discloses that the bit map is generated dynamically (see column 5, lines 
58-65, of Authurs). 

Referring to claim 12 : 

i. Authurs teaches: 

A system for providing physical port security, comprising: 
At least one processor within a network device, said network device 
having a communication port for receiving digital data from a digital communications 
system and two or more physical data ports for forwarding said digital data, said at least 
one of processor enables (see figure 1, element 10; and column 2, lines 31-33, of 
Authurs): 

a destination port bit map based on destination address information 
contained in said received digital data (see figure 3, element 'destination bit-map field'; 
and column 5, lines 50-54, of Authurs); 

Comparing of said destination port bit map within a physical port 
security bit map to generate a bit map of allowed destination ports, wherein said 
physical port security bit map is generated, after said receiving, based on information 
within said received digital data (see column 5, lines 58-65; column 6, lines 4-9; and 
column 7, lines 1-3, of Authurs); and 

Forwarding of said digital data to one or more of said allowed 
destination ports (see figure 1, elements 14-1..14-n 'output ports', of Authurs). 
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Authurs discloses generating the physical port security bit map. 
Authurs further discloses the destination port bit map. However, Authurs does not 
specifically mention generating the destination port bit map. 

ii. Sawey teaches a crosspoint switch having multicast functionality, 
wherein Sawey discloses generating the destination port bit map based on the 
destination address contained in the frame of the digital data (see figure 4, elements 
100 'receive multicast packet', 102 'generate port map mapping multicast address to 
destination output ports'; and column 7, lines 41-45, of Sawey). 

iii. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to combine the teaching of Sawey into the method of 
Authurs to generate a destination port bit map. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Sawey into the system of Authurs to generate a destination port 
bit map, because Authurs teaches "The present invention relates to an optical switch for 
use in a fiber optic telecommunications network, and more particularly, to an optical 
switch with multicast capability ." (see column 1 , lines 5-8, of Authurs, emphasis added). 
Sawey teaches "The present invention relates generally to packet switching and, more 
particularly, to a crosspoint switch having multicast functionality ." (see column 1 , lines 6- 
8, of Sawey, emphasis added). Therefore, Sawey's teaching could enhance Authurs's 
system. 

Referring to claims 24 : 

Authurs and Sawey teach the claimed subject matter: an intermediate 
network device (see claim 12 above). Authurs further discloses that the bit map is 
dynamically altered based on a variable parameter (see column 5, lines 58-65, of 
Authurs). 

4. Claims 2-5, 6, 8-9, 13-16, 17, 19-23 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Authurs et al. (U.S. Patent No. 4,896,934) in view of Sawey 
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(U.S. Patent No. 7,151,777 B2), and further in view of Wieget (U.S. Patent No. 
6,484,261 B1). 

Referring to claims 6, 17, 22 : 

i. Authurs and Sawey teach the claimed subject matter: a method of 
providing physical port security in a digital communication system (see claim 1 above). 
However, they do not specifically mention the IP address. 

ii. Wieget teaches a graphical network security policy management 
wherein Wieget discloses the IP address (see column 2, lines 14 of Wieget). 

iii. It would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to combine the teaching of Wieget into the method of 
Authurs and Sawey to use IP address. 

iv. The ordinary skilled person would have been motivated to have 
applied the teaching of Wieget into the system of Authurs and Sawey to use IP 
address, because Authurs teaches using the information provided in a packet to 
generate a port bitmap (see column 5, lines 58-65, of Authurs). And IP address is the 
information contained in the packet. Therefore, Wieget's teaching could enhance the 
system of Authurs and Sawey. 

Referring to claims 2, 13 : 

Authurs, Sawey, and Wieget teach the claimed subject matter: a method 
of providing physical port security in a digital communication system (see claim 1 
above). They further disclose the logical AND (see column 1 8, line 7 of Wieget). 

Referring to claims 3-5, 14-16, 23 : 

Authurs, Sawey, and Wieget teach the claimed subject matter: a method 
of providing physical port security in a digital communication system (see claim 1 
above). They further disclose the source address and the destination address (see 
column 2, lines 8-1 1 , of Weight). 

Referring to claims 8, 19 : 
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Authurs, Sawey, and Wieget teach the claimed subject matter: an 
intermediate network device (see claim 12 above). They further disclose the network 
file server (see column 10, line 52-55 of Wieget). 
Referring to claims 9, 20 : 

Authurs, Sawey, and Wieget teach the claimed subject matter: an 
intermediate network device (see claim 12 above). They further disclose the local area 
network (see column 10, line 52-55 of Wieget). 
Referring to claim 10 : 

Authurs, Sawey, and Wieget teach the claimed subject matter: a method 
of providing physical port security in a digital communication system (see claim 1 
above). They further discloses the process (see column 7, line 62, of Wieget). 
Referring to claim 21 : 

Authurs, Sawey, and Wieget teach the claimed subject matter: an 
intermediate network device (see claim 12 above). They further disclose the IP data 
(see column 2, lines 14 of Wieget). 

Response to Arguments 

5. Applicant's arguments, filed on August 25, 2009, have been fully 
considered but they are not persuasive. 

(a) Applicant argues: 

"Initially, the Applicant points out that Arthurs' Output Availability Field in a token 
is not a physical port security bitmap of allowed destination ports. More specifically, the 
Output Availability Field of a list of all output ports (not only allowed destination ports), 
and it indicates which output port has been reserved to receive transmitted data." (see 
page 10, last paragraph). 

Examiner maintains: 
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Authurs discloses "FIG. 6 illustrates an example of a write phase of the 
contention resolution algorithm for the case of a switch having eight input ports and 
eight output ports. The left-hand column of FIG. 6 shows the Source Address (SA) 
Field and Destination Bit Map (d.sub.i .multidot.d.sub.8) of the packets present at each 
of the input ports SA=1 . . . SA=8 (i.e. input ports 12-1 . . . 12-N of FIG. 1, where N=8). 
The right-hand column of FIG. 6 shows the token as it sequentially passes each of the 
eight input ports SA=1 . . . SA=8. 

Note that the packet at the input port with SA=1 [i.e., the received frame of digital 
data] is a multicast packet. In particular, its Destination Bit Map Field indicates that 
d.sub.7 =1 and d.sub.3 =1 so that this packet is to be routed to output ports 7 and 3 (i.e. 
output ports 1 4-7 and 1 4-3 of FIG. 1 ). Since, the token leaves the token generator 31 
with a clear Output Port Availability field and the input port with SA=1 is the first input 
port reached by the token, a.sub.3 and a. sub. 7 are set to logic "1" in the "Output 
Availability" field of the token [i.e., generate the Output Availability Field based on the 
received frame of digital data], and the address "1" for the first input port is written into 
the subfields A3 and A7 of the Source Address Field of the token. The token then 
passes to the input port with SA=2 (corresponding to input port 12-2 in FIG. 1). 

The packet at the input port with SA=2 has d.sub.4 =1 in its Destination Bit Map 
Field. Thus, this packet is a point-to-point (i.e. a unicast) packet to be routed to the 
output port 4 (corresponding to output 14-4 of FIG. 1). Thus, the input port with SA=2 
modifies the Output Availability field of the token so that a.sub.4 =1 and so that the 
source address SA=2 is written into the corresponding Source Address subfield 
A.sub.4. 

In this manner, the token is modified as it moves from input port to input port 
along the track 31 . In the example of FIG. 6, it should be noted that the input port SA=7 
(corresponding to input port 12-7) is idle, i.e. no destinations are indicated in its 
Destination Bit Map field. In addition, the input ports SA=4,5, and 6 (i.e. 12-4, 12-5, 12- 
6 of FIG. 1 ) are contending for output ports already reserved by other input ports. Thus, 
these input ports do not modify the token and are required to wait for the next 
transmission cycle to compete again for transmission. 
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The example of FIG. 6 shows clearly how the optical switch of the present 
invention successfully integrates unicast, broadcast and multicast applications. 
." (see figure 6; and column 6, line 42 to column 7, line 19, of Authurs, emphasis added) 

Therefore, Authurs discloses that the Output Availability Field of a token contains 
the physical port security bit map of only allowed ports. 

(b) Applicant argues: 

"In this regard, Arthurs' Output Availability Field is not generated after receiving 
of the frame of digital data." (see page 1 1 , 2nd paragraph). 
Examiner maintains: 

Authurs discloses "The operation of the switch 10 of FIG. 1 may be described as 
follows. Packets arriving [i.e., receive the frame of digital data] via the incoming trunks 
16-1. . . 1 6-N are buffered at the 

corresponding input ports 12-1 . . . 12-N. These packets are transmitted fromthe input 
ports 12-1 . . . 12-N to the output ports 14-1 . . . 14-N in transmission cycles. 

Each transmission cycle comprises two control phases and a transmission 
phase. During the first control phase, a token generated [i.e., generate the token field 
Output Availability Field (physical port security bit map)] by the token generator 32 is 
passed sequentially along the track 31 from one input port 12 to the next. The input 
ports 12 write information into the token indicating the output ports 14 to which their 
packets are to be sent." (see column 4, line 63 to column 5, line 7, of Authurs, emphasis 
added). 

Therefore, Authurs discloses that the Output Availability Field is generated after 
receiving of the frame of digital data, such as disclosed in the claimed invention. 

(c) Applicant argues: 

"Furthermore, generating of Arthurs' Output Availability Field is also not based on 
information in the received frame of digital data (since it was generated prior to the 
digital data is even transmitted to the output ports)." (see page 1 1 , 2nd paragraph). 
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Examiner maintains: 

Authurs discloses that the Output Availability Field is generated based on the 
received frame of digital data (see (a) above). 

Conclusion 

6. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 

Applicant is reminded of the extension of time policy as set forth in 37 CFR 1 .1 36(a). 

A shortened statutory period for reply to this final action is set to expire 

THREE MONTHS from the mailing date of this action. In the event a first reply is filed 

within TWO MONTHS of the mailing date of this final action and the advisory action is 

not mailed until after the end of the THREE-MONTH shortened statutory period, then 

the shortened statutory will expire on the date the advisory action is mailed, and any 

extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 

the advisory action. In no event, however, will the statutory period for reply expire later 

than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications 
from the examiner should be directed to Joseph Pan whose telephone number is 571- 
272-5987. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kim Vu can be reached at 571-272-3859. The fax and phone 
numbers for the organization where this application or proceeding is assigned is 703- 
872-9306. 

Any inquiry of a general nature or relating to the status of this application 
or proceeding should be directed to the receptionist whose telephone number is 571- 
272-2100. 

/Joseph Pan/ 
Examiner, Art Unit 2435 
November 24, 2009 

/Kimyen Vu/ 

Supervisory Patent Examiner, Art Unit 2435 



